Unlike the contents of your inbox, bank statement, or Facebook timeline, your DNA quite literally defines you. It's strange, then, that in an age where sequencing the genome is becoming trivial, we don't give a second thought about the privacy issues surrounding the chemicals that make us who we are.

It was a major breakthrough in 1995: After 13 months, scientists finally sequenced the entire…
Read more Read more

In fact, most states in the US have absolutely no laws whatsoever to govern surreptitious genetic testing. If that surprises you, it gets worse. Back in 2006, the particularly forward-thinking state of Minnesota passed a law demanding that written consent had to be obtained for collection, storage, use, and sharing of genetic information. In 2011, however, the Minnesota Supreme Court judged that the state's own department of health was in violation of that very law.

So, quite literally millions of US citizen have their DNA records stored on databases, and there are few laws governing what's done with the data. Something has to be done about that—but it's not necessarily as easy as it sounds.

Clamp down on DNA privacy...

DNA privacy is a fine example of law-making failing to keep up with technology. An explosion in biological understanding and medical engineering makes it extremely easy to obtain genetic profiles, and old codgers in the law haven't paid attention.

Quite rightly, many people feel that DNA information is so deeply sensitive and personal that the only sensible route is to strictly protect it. The obvious method is to put rules in place—much like Minnesota did—in order to ensure that DNA data may only be accessed by individuals specifically named on a consent form. Even then, many argue, the data should only be used for purposes explicitly declared on that form.

The trouble, of course, is enforcing such rules. Clearly Minnesota did an awful job, and that was down to lax procedures when it came to destroying samples when their purposes were fulfilled. In theory, at least, firm laws about the destruction of DNA samples could clear those problems up. And that's just what California is currently doing: Scientific American reports that a bill is currently being considered by the state which would ensure the sanctity of your double helix.

...but slow the science?

The cost of enforcing such strict regulations, though, bites the hand that feeds. Laying down laws that limit the uses of cataloged DNA, many scientists argue, stymies the very researchers that made the databases of genetic data possible in the first place.

Currently, there are large libraries of sequenced DNA available to the scientific community. They're used to discover genes associated with diseases; to work out how our genetic make-up shapes our personalities and behavior; and to develop our understanding more generally about how the human body works.

But currently mooted legislation to control the use of DNA—including the Californian bill—would make it almost impossible to reuse DNA collected for one set of experiments to investigate a second problem. Researchers would have to continually gather and destroy their data, or else contact each and every individual every time a new experiment was being conducted. That, obviously, would seriously damage the creativity which drives much scientific research.

A third strand

All of which, considered together, leaves the liberally minded science geek in a tough spot. What's more important: privacy or progress?

The truth, of course, is that there is a third strand to the story. Most universities and funding bodies already have strict ethical standards in place for dealing with DNA samples. In fact, it's pretty much the norm to anonymize data as soon as it's collected, so that scientists are never able to tie samples to an individual. Instead, they're only ever referred to by a number.

An ideal situation, therefore, might allow researchers to use anonymized samples for a finite period of time for a range of different research projects not originally declared, but impose more strict regulations on non-anonymized data. Of course, that in itself raises huge questions about what research projects might be deemed suitable, which establishments would be eligible, and who would police the whole system.

None of which, sadly, clears things up an awful lot. What is clear is that DNA privacy isn't, as it stands, up to the job—but the solution still seems out of our grasp at present. Still, if all this makes us stop and think about genes in much the same way we think about the data we store online, then progress might not be far away.